Several blockchain security companies on Twitter reported a bug in a smart contract on the popular decentralized finance (DeFi) protocol SushiSwap. Thus, resulted in losses of over $3 million on April 9CertiK Alert and Peckshield raised alarms about an unusual activity related to the approval function in Sushi’s Router Processor 2 contract, which is responsible for aggregating trade liquidity from various sources and determining the most favorable price for swapping coins. Within a few hours, the bug led to losses totaling $3.3 million.
Impact of the Hack on Users
Users who swapped in the past four days were affected, as stated by DefiLlama developer 0xngm. In response to the incident, Sushi’s head developer, Jared Grey, urged users to revoke permissions for all contracts on the protocol. Additionally, he informed the community about the bug. A list of contracts on different blockchains that require revocation has been shared on GitHub to address the issue.
However, there was some positive news as well. Grey took to Twitter a few hours later to announce that a “large portion of affected funds” had been recovered through a white hat security process. He mentioned that more than 300ETH had been recovered from CoffeeBabe of Sifu’s stolen funds. The team was in contact with Lido’s team regarding the recovery of 700 more ETH.
The Sushi community had an eventful weekend, as just a day before the incident, Grey and his counsel provided comments on the recent subpoena from the United States Securities and Exchange Commission (SEC). Grey clarified that the SEC’s investigation was a non-public fact-finding inquiry to determine if there were any violations of federal securities laws. He stated that the SEC had not concluded that anyone affiliated with Sushi had violated US federal securities laws. Grey also mentioned that he was cooperating with the investigation. In response to the subpoena, a legal defense fund was proposed on Sushi’s governance forum on March 21.
Prioritizing Security Measures in SushiSwap and Other DeFi Protocols
The incident highlights the risks associated with smart contracts and DeFi protocols, which operate on blockchain technology. Despite their decentralized nature, vulnerabilities and bugs can still occur. Resulting in significant financial losses for users. It underscores the importance of thorough security audits and constant vigilance in the rapidly evolving world of DeFi. SushiSwap and other DeFi protocols must continue to prioritize security measures. Furthermore, ensure that their smart contracts are thoroughly audited and updated to prevent such incidents in the future.
